
Log Analysis and Evaluation: Suspected rootkit. Malwarebytes, Avira and various other tools useless


 
29.11.2011, 23:25   #1
The-Clash

Suspected rootkit. Malwarebytes, Avira and various other tools useless

After almost 10 years online without a virus scanner or firewall, at 1000+ pages a day, I have caught something for the first time, and a nasty one at that. The freeware version of Emsi Anti-Malware thanks you for using it with a bluescreen (at least when you scan for rootkits), the Windows Firewall can no longer be enabled, most of my programs + desktop + start menu were completely deactivated or invisible, a piece of scareware wanted money to remove it (yeah, sure ....), and every now and then Google opens links other than the ones I click on...

I have now restored almost everything by hand. The scareware is gone, the files are visible again, etc...

What is left is the broken Windows Firewall and the Google problem. As soon as the problem kicks in, Google becomes noticeably slower and JavaScript stops working on the page (e.g. I can no longer click "SafeSearch" (no effect)); then, via a redirect, various pages open that I definitely did not click on (but always only one per click).
This happens very irregularly, but often enough to be annoying.

Here is my log

Code:
OTL logfile created on: 29.11.2011 22:49:03 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = E:\LiedvonEisundFeuer
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,30% Memory free
15,96 Gb Paging File | 14,35 Gb Available in Paging File | 89,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 10,01 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 274,30 Gb Free Space | 29,45% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 434,23 Gb Free Space | 46,62% Space Free | Partition Type: NTFS
 
Computer Name: DEEPTHOUGHT | User Name: Clash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.29 22:45:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\LiedvonEisundFeuer\OTL.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.29 00:10:36 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll
MOD - [2011.11.29 00:10:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011.11.28 20:37:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.11.28 20:36:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.11.28 20:36:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.11.28 20:36:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.11.28 20:36:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.11.28 20:36:40 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.11.28 20:36:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.11.28 20:36:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.01.19 02:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010.11.21 07:21:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.29 21:13:37 | 002,996,784 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.17 10:40:10 | 000,131,912 | ---- | M] (Desura Pty Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011.08.22 14:17:02 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.08.15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.03 18:42:24 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.22 14:17:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.16 17:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9F2.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011.05.10 16:02:53 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.05.10 15:59:41 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.27 19:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011.01.27 19:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2010.01.27 16:25:42 | 001,584,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.11 16:41:04 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=avbr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 55 C1 65 24 0F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = my.daemon-search.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.rememberthemilk.com/home/clash666/#section.tasks|hxxp://vrr.de/de/fahrplanauskunft/index.html|hxxp://www.google.com/webhp|hxxp://www.wahlrecht.de/umfragen/index.htm|hxxp://news.google.com/news?pz=1&cf=all&ned=de&ict=ln|https://www.rememberthemilk.com/home/clash666/#section.tasks"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.17 01:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.17 01:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 02:43:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.08 21:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M]
 
[2011.05.10 17:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Extensions
[2011.05.04 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.28 22:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions
[2011.09.09 15:20:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.10.04 10:50:16 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.11.19 12:03:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.25 20:52:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\foxmarks@kei.com
[2011.10.16 03:42:30 | 000,002,407 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml
[2011.04.28 23:43:05 | 000,002,101 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\googlede.xml
[2011.11.08 02:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.29 21:00:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{5355BE22-20F5-11DC-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{B2509CD4-17CD-45ED-8146-A82AF038F493}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\OPENWITH@DARKTROJAN.NET.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.28 18:59:19 | 000,441,530 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
O1 - Hosts: 15180 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E3FA767-F4EF-4953-9AFE-56CC3C15E348}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96634769-7F6E-46D0-B872-EDEE345DECA0}: DhcpNameServer = 80.67.0.2 91.213.246.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\start.exe
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Clash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe ()
MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe ()
MsConfig:64bit - StartUpReg: Desura - hkey= - key= - C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: FileZilla Server Interface - hkey= - key= - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Clash\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
MsConfig:64bit - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Nuance PDF Reader-reminder - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: StartNowToolbarHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: XFastUsb - hkey= - key= - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
MsConfig:64bit - StartUpReg: yEfRqQhDUGAmlI.exe - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.29 21:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.29 21:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.29 21:44:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.11.29 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.29 21:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Anti-Malware
[2011.11.29 20:35:12 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Gaslamp Games
[2011.11.29 19:41:46 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2011.11.29 19:41:46 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2011.11.29 19:41:46 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2011.11.29 19:41:46 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2011.11.29 19:41:46 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2011.11.29 19:41:46 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2011.11.29 19:41:46 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2011.11.29 19:41:46 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2011.11.29 19:41:46 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2011.11.29 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\Clash\Neuer Ordner
[2011.11.29 18:29:10 | 000,000,000 | ---D | C] -- C:\mingw
[2011.11.29 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\codeblocks
[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011.11.29 17:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2011.11.29 04:46:23 | 000,000,000 | ---D | C] -- C:\Wascana
[2011.11.29 03:39:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wascana
[2011.11.29 03:07:56 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2011.11.29 03:07:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\WIN7
[2011.11.28 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Malwarebytes
[2011.11.28 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.28 22:00:34 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.28 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.11.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Clash\Pavark
[2011.11.28 21:29:42 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Wolframs von Eschenbach - Parzival CD1
[2011.11.28 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.3
[2011.11.28 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim
[2011.11.28 17:07:39 | 000,000,000 | ---D | C] -- C:\msys
[2011.11.28 17:06:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW
[2011.11.28 16:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW
[2011.11.28 15:47:53 | 000,000,000 | ---D | C] -- C:\cPlusPlus
[2011.11.28 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Nokia
[2011.11.28 15:39:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Nokia
[2011.11.26 02:33:39 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Orcs Must Die
[2011.11.26 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Crayon Physics Deluxe
[2011.11.26 02:27:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe
[2011.11.23 16:30:43 | 145,320,383 | ---- | C] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe
[2011.11.23 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\jongliernacht
[2011.11.21 22:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.21 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware
[2011.11.21 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware
[2011.11.19 17:23:50 | 000,000,000 | ---D | C] -- C:\wp-smushit
[2011.11.16 19:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2011.11.12 12:57:10 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Skyrim
[2011.11.11 20:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eclipse PHP
[2011.11.07 21:33:46 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Neuer Ordner (2)
[2011.11.06 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\.purple
[2011.11.02 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Mumble
[2011.11.01 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\test
[2011.11.01 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011.11.01 21:29:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\dsa
[2011.11.01 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\brain
[2011.10.31 19:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.29 22:47:49 | 001,650,748 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.29 22:47:49 | 000,710,810 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.29 22:47:49 | 000,663,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.29 22:47:49 | 000,153,902 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.29 22:47:49 | 000,125,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 22:43:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.29 22:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.29 22:43:28 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.29 22:42:17 | 000,000,020 | ---- | M] () -- C:\Users\Clash\defogger_reenable
[2011.11.29 22:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.29 22:25:42 | 000,842,122 | ---- | M] () -- C:\Users\Clash\AppData\Local\census.cache
[2011.11.29 22:25:35 | 000,100,710 | ---- | M] () -- C:\Users\Clash\AppData\Local\ars.cache
[2011.11.29 22:20:31 | 000,000,036 | ---- | M] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache
[2011.11.29 21:55:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job
[2011.11.29 21:53:08 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 21:04:34 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.29 19:46:53 | 000,001,272 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2011.11.29 18:29:30 | 000,001,480 | ---- | M] () -- C:\Users\Clash\Desktop\MSYS.lnk
[2011.11.29 18:29:30 | 000,000,044 | ---- | M] () -- C:\Windows\MSYS.INI
[2011.11.29 17:26:44 | 000,001,099 | ---- | M] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk
[2011.11.29 17:06:51 | 000,000,766 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk
[2011.11.29 04:46:38 | 000,001,640 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk
[2011.11.29 04:46:38 | 000,000,730 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk
[2011.11.29 03:09:43 | 000,147,860 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011.11.29 03:09:42 | 000,000,954 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2011.11.29 03:09:42 | 000,000,893 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2011.11.29 03:09:42 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011.11.29 02:55:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job
[2011.11.28 20:48:53 | 000,012,288 | -H-- | M] () -- C:\Windows\SysWow64\_.swp
[2011.11.28 20:48:53 | 000,001,026 | ---- | M] () -- C:\Users\Clash\_viminfo
[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2011.11.28 20:43:33 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gvimdiff.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gview.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\evim.bat
[2011.11.28 20:43:33 | 000,000,985 | ---- | M] () -- C:\Windows\gvim.bat
[2011.11.28 20:43:33 | 000,000,694 | ---- | M] () -- C:\Windows\vimtutor.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\vimdiff.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\view.bat
[2011.11.28 20:43:33 | 000,000,664 | ---- | M] () -- C:\Windows\vim.bat
[2011.11.28 20:36:18 | 005,006,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.28 20:30:22 | 001,627,706 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.28 19:32:40 | 000,000,930 | ---- | M] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk
[2011.11.28 19:09:44 | 000,001,093 | ---- | M] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk
[2011.11.28 18:59:19 | 000,441,530 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.28 18:57:29 | 000,001,266 | ---- | M] () -- C:\Users\Clash\Desktop\Spybot - Search & Destroy.lnk
[2011.11.24 15:44:39 | 023,042,284 | ---- | M] () -- C:\Users\Clash\Desktop\hogy.7z
[2011.11.23 16:34:54 | 000,040,538 | ---- | M] () -- C:\Windows\unins000.dat
[2011.11.23 16:34:26 | 001,202,763 | ---- | M] () -- C:\Windows\unins000.exe
[2011.11.23 15:42:11 | 000,096,182 | ---- | M] () -- C:\Users\Clash\Desktop\sp-Holger.jpg
[2011.11.22 19:56:01 | 000,000,600 | ---- | M] () -- C:\Users\Clash\AppData\Local\PUTTY.RND
[2011.11.21 19:26:52 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.21 19:08:40 | 000,733,363 | ---- | M] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg
[2011.11.20 18:24:43 | 000,611,275 | ---- | M] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg
[2011.11.16 19:41:04 | 145,320,383 | ---- | M] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe
[2011.11.14 18:12:55 | 137,701,577 | ---- | M] () -- C:\EasyPHP.zip
[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.11 20:02:59 | 000,001,151 | ---- | M] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk
[2011.11.11 12:07:29 | 000,000,036 | ---- | M] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId
[2011.11.08 14:51:33 | 000,092,823 | ---- | M] () -- C:\Users\Clash\Desktop\123.PNG
[2011.11.07 15:03:23 | 000,012,800 | ---- | M] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf
[2011.11.06 21:00:41 | 000,035,221 | ---- | M] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg
[2011.11.02 22:14:11 | 000,002,384 | ---- | M] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12
[2011.11.02 01:28:47 | 000,003,642 | ---- | M] () -- C:\Users\Clash\Desktop\wp-config.php
[2011.11.01 12:13:54 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.29 22:42:17 | 000,000,020 | ---- | C] () -- C:\Users\Clash\defogger_reenable
[2011.11.29 22:25:42 | 000,842,122 | ---- | C] () -- C:\Users\Clash\AppData\Local\census.cache
[2011.11.29 22:25:35 | 000,100,710 | ---- | C] () -- C:\Users\Clash\AppData\Local\ars.cache
[2011.11.29 22:20:31 | 000,000,036 | ---- | C] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache
[2011.11.29 21:53:08 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 21:04:34 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.29 19:43:48 | 000,001,272 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2011.11.29 19:41:46 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2011.11.29 19:41:46 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2011.11.29 19:41:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2011.11.29 18:18:12 | 000,324,096 | ---- | C] () -- C:\Windows\SDL.dll
[2011.11.29 17:26:44 | 000,001,099 | ---- | C] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk
[2011.11.29 17:06:51 | 000,000,766 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk
[2011.11.29 04:01:15 | 000,324,096 | ---- | C] () -- C:\Windows\SysNative\SDL.dll
[2011.11.29 03:39:54 | 000,001,640 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk
[2011.11.29 03:39:54 | 000,000,730 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk
[2011.11.29 03:07:56 | 000,049,152 | ---- | C] () -- C:\Users\Clash\Desktop\Setup.exe
[2011.11.29 03:07:56 | 000,000,117 | ---- | C] () -- C:\Users\Clash\Desktop\CmiMergeSetup.ini
[2011.11.28 20:47:57 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\_.swp
[2011.11.28 20:44:14 | 000,001,026 | ---- | C] () -- C:\Users\Clash\_viminfo
[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2011.11.28 20:43:33 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gvimdiff.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gview.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\evim.bat
[2011.11.28 20:43:33 | 000,000,985 | ---- | C] () -- C:\Windows\gvim.bat
[2011.11.28 20:43:33 | 000,000,694 | ---- | C] () -- C:\Windows\vimtutor.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\vimdiff.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\view.bat
[2011.11.28 20:43:33 | 000,000,664 | ---- | C] () -- C:\Windows\vim.bat
[2011.11.28 19:32:40 | 000,000,930 | ---- | C] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk
[2011.11.28 19:09:44 | 000,001,093 | ---- | C] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk
[2011.11.28 16:47:32 | 000,001,480 | ---- | C] () -- C:\Users\Clash\Desktop\MSYS.lnk
[2011.11.28 16:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI
[2011.11.24 15:44:35 | 023,042,284 | ---- | C] () -- C:\Users\Clash\Desktop\hogy.7z
[2011.11.23 16:26:54 | 000,611,275 | ---- | C] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg
[2011.11.23 15:42:11 | 000,096,182 | ---- | C] () -- C:\Users\Clash\Desktop\sp-Holger.jpg
[2011.11.21 19:23:39 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.21 19:08:37 | 000,733,363 | ---- | C] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg
[2011.11.14 18:12:41 | 137,701,577 | ---- | C] () -- C:\EasyPHP.zip
[2011.11.11 20:02:59 | 000,001,151 | ---- | C] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk
[2011.11.11 12:07:29 | 000,000,036 | ---- | C] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId
[2011.11.08 14:51:23 | 000,092,823 | ---- | C] () -- C:\Users\Clash\Desktop\123.PNG
[2011.11.07 15:03:22 | 000,012,800 | ---- | C] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf
[2011.11.06 21:00:41 | 000,035,221 | ---- | C] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg
[2011.11.02 22:14:11 | 000,002,384 | ---- | C] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12
[2011.11.02 01:28:47 | 000,003,642 | ---- | C] () -- C:\Users\Clash\Desktop\wp-config.php
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.03 16:53:33 | 000,000,032 | ---- | C] () -- C:\Windows\Terraria.INI
[2011.09.13 20:01:49 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.09 15:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.07 11:39:55 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011.09.07 11:39:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011.09.07 11:39:55 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011.09.07 11:39:54 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2011.09.07 11:39:54 | 000,040,538 | ---- | C] () -- C:\Windows\unins000.dat
[2011.08.07 20:15:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.01 13:14:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.24 14:48:19 | 000,000,048 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2011.06.14 23:48:45 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.06.11 16:50:42 | 000,000,600 | ---- | C] () -- C:\Users\Clash\AppData\Local\PUTTY.RND
[2011.06.08 22:56:43 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.08 22:56:37 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.08 22:56:37 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.05.26 00:57:39 | 000,007,602 | ---- | C] () -- C:\Users\Clash\AppData\Local\Resmon.ResmonCfg
[2011.05.10 20:07:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.05.10 18:35:29 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.05.10 18:35:29 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.05.10 18:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.05.10 18:35:28 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011.05.10 18:35:21 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.10 18:35:21 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2011.05.10 18:34:45 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.05.10 16:37:15 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011.05.10 16:37:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011.05.10 16:37:15 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011.05.10 16:37:14 | 000,147,860 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011.05.10 16:37:12 | 000,000,954 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011.05.10 16:37:10 | 000,005,018 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011.05.10 16:37:10 | 000,000,485 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011.05.10 16:32:59 | 001,627,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2011.09.18 03:39:38 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.minecraft
[2011.11.06 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.purple
[2011.05.10 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ASUS
[2011.09.05 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ColorSchemer
[2011.11.26 02:30:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe
[2011.05.19 01:39:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\cspa
[2011.05.21 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DAEMON Tools Lite
[2011.05.10 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DeviceVm
[2011.10.13 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\elsterformular
[2011.11.29 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\FileZilla
[2011.11.29 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\foobar2000
[2011.09.12 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\GameMaker
[2011.09.09 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Garmin
[2011.07.01 13:51:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\HandBrake
[2011.08.07 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Hi-Rez Studios
[2011.05.14 03:17:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ImgBurn
[2011.05.10 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\LibreOffice
[2011.08.05 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\mkvtoolnix
[2011.11.29 20:06:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Mumble
[2011.06.15 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\MySQL
[2011.11.29 01:27:48 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Natural Selection 2
[2011.11.28 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nokia
[2011.09.30 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Notepad++
[2011.05.26 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nuance
[2011.05.15 22:31:08 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Opera
[2011.09.30 00:51:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\PeaZip
[2011.10.13 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\RegExr.8CE3EE8FC37F7781C562DFF80977CFBA322DD1EF.1
[2011.09.09 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\rockbox.org
[2011.11.21 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware
[2011.11.29 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\SPlayer
[2011.05.17 11:40:10 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Subversion
[2011.06.06 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\TeamViewer
[2011.11.22 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Thunderbird
[2011.05.11 12:24:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Titanium
[2011.09.07 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Tunngle
[2011.08.01 14:59:37 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\wargaming.net
[2011.08.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\XBMC
[2011.05.26 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Zeon
[2011.07.13 22:51:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.28 21:49:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.20 22:30:06 | 000,000,000 | ---D | M] -- C:\.craftbukkit
[2011.05.11 22:53:41 | 000,000,000 | ---D | M] -- C:\Android
[2011.11.29 18:49:01 | 000,000,000 | ---D | M] -- C:\cPlusPlus
[2011.09.20 22:36:03 | 000,000,000 | ---D | M] -- C:\craftbukkit
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.06.16 03:46:59 | 000,000,000 | ---D | M] -- C:\EasyPHP
[2011.10.17 13:50:30 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie
[2011.10.21 16:34:25 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie (2)
[2011.10.03 16:53:24 | 000,000,000 | ---D | M] -- C:\Games
[2011.06.24 15:29:30 | 000,000,000 | ---D | M] -- C:\glassfish3
[2011.09.09 15:32:26 | 000,000,000 | ---D | M] -- C:\hallo
[2011.05.10 15:55:54 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.29 18:29:12 | 000,000,000 | ---D | M] -- C:\mingw
[2011.05.10 18:34:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.28 17:07:39 | 000,000,000 | ---D | M] -- C:\msys
[2011.06.07 20:48:17 | 000,000,000 | ---D | M] -- C:\MyBootCD
[2011.05.10 16:11:05 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.29 20:59:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.29 21:53:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.29 21:42:09 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.08.05 13:18:10 | 000,000,000 | ---D | M] -- C:\StAX
[2011.11.29 22:49:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.29 21:44:36 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.11.28 16:18:58 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.29 17:51:02 | 000,000,000 | ---D | M] -- C:\Wascana
[2011.11.29 21:15:09 | 000,000,000 | ---D | M] -- C:\Windows
[2011.11.19 17:23:51 | 000,000,000 | ---D | M] -- C:\wp-smushit
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.05.11 15:02:08 | 005,945,944 | -H-- | M] (Safer-Networking Ltd.) MD5=B302653D473E85E3FFCF100F12062EF9 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
Well, I am grateful for any help! Regards, Ralf

 
